CVE-2011-2894
Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecución de código no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serialización de una instancia de DefaultListableBeanFactory para ejecutar código arbitrario a través de la clase java.lang.Runtime.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-07-27 CVE Reserved
- 2011-09-09 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://osvdb.org/75263 | Broken Link | |
http://securityreason.com/securityalert/8405 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/519593/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/49536 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/69687 | Third Party Advisory | |
https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2011-1334.html | 2022-07-17 | |
http://www.springsource.com/security/cve-2011-2894 | 2022-07-17 | |
https://access.redhat.com/security/cve/CVE-2011-2894 | 2011-09-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=737611 | 2011-09-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Spring Framework Search vendor "Vmware" for product "Spring Framework" | >= 3.0.0 <= 3.0.5 Search vendor "Vmware" for product "Spring Framework" and version " >= 3.0.0 <= 3.0.5" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Spring Security Search vendor "Vmware" for product "Spring Security" | >= 2.0.0 <= 2.0.6 Search vendor "Vmware" for product "Spring Security" and version " >= 2.0.0 <= 2.0.6" | - |
Affected
|